{"id":5036,"date":"2020-08-31T16:49:18","date_gmt":"2020-08-31T20:49:18","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=5036"},"modified":"2020-08-31T16:49:18","modified_gmt":"2020-08-31T20:49:18","slug":"how-hackers-can-challenge-your-iam-policies-you-may-not-expect","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/how-hackers-can-challenge-your-iam-policies-you-may-not-expect\/","title":{"rendered":"How Hackers Can Challenge Your IAM Policies (You May Not Expect)"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-4537\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg\" alt=\"How Hackers Can Challenge Your IAM Policies (You May Not Expect)\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg 800w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed-300x150.jpg 300w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed-768x384.jpg 768w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed-540x270.jpg 540w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed-162x81.jpg 162w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">How can hackers challenge your IAM (<a href=\"https:\/\/solutionsreview.com\/identity-management\/get-a-free-identity-and-access-management-software-solutions-buyers-guide\/\" target=\"_blank\" rel=\"noopener noreferrer\">identity and access management<\/a>) policies? Can they do so in ways you may not expect? Moreover, can you prepare your identity and access management solution to mitigate these malicious actions?\u00a0<\/span><\/p>\n<br \/>Widget not in any sidebars<br \/>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">These aren\u2019t idle questions. The new business-level digital perimeter primarily consists of identity and access management, prominently demonstrated by login security. Hackers continually assail this perimeter by compromising credentials and subverting authentication practices.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Of course, the most normal means by which hackers circumvent authentication protocols is through compromised credentials. They can achieve this through a variety of different tactics and tools; phishing attacks convince users to willingly give up their credentials, password cracking tools can keep trying combinations, and just simple guesswork using publicly available information can all bypass password protections.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">However, hackers can challenge your IAM policies in different ways than the expected credentials compromise. Here\u2019s a few to investigate.\u00a0<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>How Hackers Can Challenge Your IAM Policies (You May Not Expect)<\/b><\/h3>\n<h3><b>1. Exploiting Unpatched Vulnerabilities<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">For one thing, hackers may find a way to gain the access they want without even going through a login portal. The number of branches involving unpatched vulnerabilities or misconfigured databases would stagger any IT decision makers. Often, some of the most sensitive data or critical personally identifying information only needs hackers to find it.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Additionally, a simple vulnerability could allow hackers into the network with no need to input any credentials at all. For example, a hacker could enter through a network device like an IoT and simply jump into the network from there.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">You need the security awareness and the monitoring to find and close these openings before hackers find them. Also, you need to enforce logins at all possible openings and configure databases to demand them as well.\u00a0<\/span><\/p>\n<h3><b>2. Privilege Escalation<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">We actually discussed <\/span><a href=\"https:\/\/solutionsreview.com\/identity-management\/what-is-privilege-escalation-how-can-it-pose-a-threat\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400\">privilege escalation<\/span><\/a><span style=\"font-weight: 400\"> in detail in a previous article; check it out if you would like a more detailed exploration.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Here\u2019s the summation. Hackers always want the most they can get. Thus, privileged accounts are prized above all in nefarious circles; these accounts can disrupt finances, destroy workflows, shut down the entire network, and more. Threat actors want this kind of power, if only because it makes their goals so much easier.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Worse, hackers don\u2019t even need actual privileged accounts to gain these kinds of power in your IT infrastructure. Instead, they could compromise a regular account and escalate its permissions until it has the power they need.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Only through privileged access management and identity governance can your enterprise prevent these kinds of malicious actions.<\/span><\/p>\n<h3><b>3. Lackluster Authentication<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">We stress continually, and prominently, the inferiority of the single-factor authentication (i.e. password-only). Instead, we advocate multifactor authentication (MFA); the more factors you put between requester and data, the more secure the latter.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">However, where enterprises fail is not just in authentication but in limiting that authentication to the login portal. While MFA can prove difficult for hackers to crack, with enough time and effort they can do it. Without continuous authentication, hackers that do penetrate into the network can move about unchallenged. It&#8217;s just one more way hackers can challenge your IAM policies.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">So you need to deploy continuous authentication through your IT infrastructure. This can take the form of behavioral biometrics and user and entity behavioral analysis. These tools identify the baseline behaviors of users and monitor them to ensure they follow those baselines. Hackers in these systems have nowhere to hide.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">You can learn more in our <a href=\"https:\/\/solutionsreview.com\/identity-management\/get-a-free-identity-and-access-management-software-solutions-buyers-guide\/\" target=\"_blank\" rel=\"noopener noreferrer\">Identity Management Buyer\u2019s Guide<\/a>.\u00a0\u00a0<\/span><\/p>\n<div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"iam-inject\" href=\"https:\/\/solutionsreview.com\/identity-management\/get-a-free-privilieged-access-management-solutions-buyers-guide\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" title=\"\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2020\/01\/PAM_BG_SB_800.gif\" alt=\"Download Link to Privileged Access Management Buyer's Guide\" width=\"800\" height=\"100\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>How can hackers challenge your IAM (identity and access management) policies? Can they do so in ways you may not expect? Moreover, can you prepare your identity and access management solution to mitigate these malicious actions?\u00a0 These aren\u2019t idle questions. The new business-level digital perimeter primarily consists of identity and access management, prominently demonstrated by [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":4537,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5,1],"tags":[142,125,16,1204,1532,425,70,124,123],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How Hackers Can Challenge Your IAM Policies (You May Not Expect)<\/title>\n<meta name=\"description\" content=\"How can hackers challenge your IAM (identity and access management) policies? Can they do so in ways you may not expect? Find out here.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/how-hackers-can-challenge-your-iam-policies-you-may-not-expect\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/how-hackers-can-challenge-your-iam-policies-you-may-not-expect\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/how-hackers-can-challenge-your-iam-policies-you-may-not-expect\/\",\"name\":\"How Hackers Can Challenge Your IAM Policies (You May Not Expect)\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/how-hackers-can-challenge-your-iam-policies-you-may-not-expect\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/how-hackers-can-challenge-your-iam-policies-you-may-not-expect\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg\",\"datePublished\":\"2020-08-31T20:49:18+00:00\",\"dateModified\":\"2020-08-31T20:49:18+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"How can hackers challenge your IAM (identity and access management) policies? Can they do so in ways you may not expect? Find out here.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/how-hackers-can-challenge-your-iam-policies-you-may-not-expect\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/how-hackers-can-challenge-your-iam-policies-you-may-not-expect\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/how-hackers-can-challenge-your-iam-policies-you-may-not-expect\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg\",\"width\":800,\"height\":400,\"caption\":\"Morgan Stanley Suffers Data Breach Due to Third-Party Attack\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/how-hackers-can-challenge-your-iam-policies-you-may-not-expect\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How Hackers Can Challenge Your IAM Policies (You May Not Expect)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Identity and Access Management Solutions | Solutions Review\",\"description\":\"Evaluating Enterprise IAM Software, Identity Governance &amp; Access Control Tools.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How Hackers Can Challenge Your IAM Policies (You May Not Expect)","description":"How can hackers challenge your IAM (identity and access management) policies? Can they do so in ways you may not expect? Find out here.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/how-hackers-can-challenge-your-iam-policies-you-may-not-expect\/","twitter_misc":{"Written by":"Ben Canner","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/how-hackers-can-challenge-your-iam-policies-you-may-not-expect\/","url":"https:\/\/solutionsreview.com\/identity-management\/how-hackers-can-challenge-your-iam-policies-you-may-not-expect\/","name":"How Hackers Can Challenge Your IAM Policies (You May Not Expect)","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/how-hackers-can-challenge-your-iam-policies-you-may-not-expect\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/how-hackers-can-challenge-your-iam-policies-you-may-not-expect\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg","datePublished":"2020-08-31T20:49:18+00:00","dateModified":"2020-08-31T20:49:18+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"How can hackers challenge your IAM (identity and access management) policies? Can they do so in ways you may not expect? Find out here.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/how-hackers-can-challenge-your-iam-policies-you-may-not-expect\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/how-hackers-can-challenge-your-iam-policies-you-may-not-expect\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/how-hackers-can-challenge-your-iam-policies-you-may-not-expect\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg","width":800,"height":400,"caption":"Morgan Stanley Suffers Data Breach Due to Third-Party Attack"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/how-hackers-can-challenge-your-iam-policies-you-may-not-expect\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"How Hackers Can Challenge Your IAM Policies (You May Not Expect)"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Identity and Access Management Solutions | Solutions Review","description":"Evaluating Enterprise IAM Software, Identity Governance &amp; Access Control Tools.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/5036"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=5036"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/5036\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/4537"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=5036"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=5036"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=5036"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}